QwikSec

Security Database

CVE

CWE

Training

CVE-2020-14331

Published: Sep 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vendor	Product	Versions
n/a	Linux Kernel	affected `All versions of the Linux kernel`

Weaknesses (CWE)

References

https://www.openwall.com/lists/oss-security/2020/07/28/2

x_refsource_MISC

https://lists.openwall.net/linux-kernel/2020/07/29/234

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1858679

x_refsource_MISC

[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.